<?php
session_start();   // 启动session
require_once 'db_conn.php';
header("content-type:text/html;charset=utf-8");

$username = $_POST['username'];
$password = $_POST['password'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$password = md5($password);


$sql = "
select * 
from user 
where account='$username'
    and password='$password'
limit 1;
";

//$sql = ($sql);

//echo $sql;

//die;

//echo $sql;

$result = $conn->query($sql);

if($result->num_rows>0){
    echo "正确！";
    $row = $result->fetch_array(MYSQLI_ASSOC);
    $_SESSION['uid']=$row['id'];
    $_SESSION['uname'] = $row['account'];  
    header("Location: index_2.php");
}else {
    echo "用户名或密码错误！";
    header("Location: login.html");
}

// select * from user where account='' or '1=1' and password='' limit 1;

// mysql_real_escape_string


